chore: merged LEAP-852-add-local-stack-integration into master #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Leapp Desktop App CD - prod | |
| on: | |
| push: | |
| branches: | |
| - master | |
| env: | |
| CERTIFICATE_APPLICATION_OSX_P12: ${{ secrets.CERTIFICATE_APPLICATION_OSX_P12 }} | |
| CERTIFICATE_OSX_P12: ${{ secrets.CERTIFICATE_OSX_P12 }} | |
| DECODE_PASSWORD: ${{ secrets.DECODE_PASSWORD }} | |
| DISTRIBUTION_ID: ${{ secrets.DISTRIBUTION_ID }} | |
| GH_TOKEN: ${{ secrets.GH_TOKEN }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| S3_BUCKET: s3://noovolari-leapp-website-distribution | |
| WIN_CERTIFICATE: ${{ secrets.WIN_CERTIFICATE }} | |
| WIN_CSC_KEY_PASSWORD: ${{ secrets.WIN_CSC_KEY_PASSWORD }} | |
| ESIGNER_WIN_USERNAME: ${{ secrets.ESIGNER_WIN_USERNAME }} | |
| ESIGNER_WIN_PASSWORD: ${{ secrets.ESIGNER_WIN_PASSWORD }} | |
| ESIGNER_WIN_CREDENTIAL_ID: ${{ secrets.ESIGNER_WIN_CREDENTIAL_ID }} | |
| ESIGNER_WIN_TOTP: ${{ secrets.ESIGNER_WIN_TOTP }} | |
| ESIGNER_WIN_CLIENT_ID: ${{ secrets.ESIGNER_WIN_CLIENT_ID }} | |
| TEAM_REPOSITORY: ${{ secrets.TEAM_REPOSITORY }} | |
| jobs: | |
| tag-validation: | |
| outputs: | |
| validator: ${{ steps.validator.outputs.VALID_TAG }} | |
| tag-version: ${{ steps.validator.outputs.TAG_VERSION }} | |
| runs-on: macos-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: master | |
| - name: Check Tag Validity | |
| id: validator | |
| run: | | |
| git fetch | |
| TAG=$(git tag --points-at $GITHUB_SHA) | |
| REGEX="^v[0-9]+\.[0-9]+.[0-9]+" | |
| if [[ $TAG =~ $REGEX ]]; then IS_VALID_TAG=1; else IS_VALID_TAG=0; fi; | |
| echo "::set-output name=VALID_TAG::$IS_VALID_TAG" | |
| echo "::set-output name=TAG_VERSION::$TAG" | |
| - name: If valid tag set | |
| if: steps.validator.outputs.VALID_TAG == 1 | |
| run: | | |
| echo "Valid Tag Found - Building Desktop App..." | |
| - name: If not valid tag set | |
| if: steps.validator.outputs.VALID_TAG != 1 | |
| run: | | |
| echo "Not a Desktop App Release Tag or Invalid one Found - Exiting..." | |
| build-win: | |
| runs-on: windows-2022 | |
| needs: [ tag-validation ] | |
| if: needs.tag-validation.outputs.validator == 1 | |
| steps: | |
| - name: Prepare GIT | |
| shell: bash | |
| run: | | |
| git config --global core.autocrlf false | |
| git config --global core.eol lf | |
| - uses: actions/checkout@v3 | |
| - uses: actions/checkout@v3 | |
| if: ${{ env.TEAM_REPOSITORY != '' }} | |
| with: | |
| repository: ${{ env.TEAM_REPOSITORY }} | |
| ref: main | |
| token: ${{ secrets.GH_TOKEN }} | |
| path: leapp-team | |
| - name: Inject Team Feature | |
| if: ${{ env.TEAM_REPOSITORY != '' }} | |
| run: | | |
| cd packages/core | |
| npm install | |
| npm run build | |
| cd ../.. | |
| mv leapp-team .. | |
| cd ../leapp-team/packages/leapp-team-core | |
| npm run bootstrap | |
| cd ../leapp-team-service | |
| npm install | |
| npm run test | |
| npm run enable-team-features-prod | |
| - name: Build Win desktop app | |
| shell: bash | |
| run: | | |
| cd packages/desktop-app | |
| curl https://asset.noovolari.com/signing-tool/CodeSignTool-v1.2.7-windows.zip --output CodeSignTool-v1.2.7-windows.zip -s | |
| unzip CodeSignTool-v1.2.7-windows.zip | |
| CONFIG_FILE=code_sign_tool.properties | |
| cat "./CodeSignTool-v1.2.7-windows/conf/$CONFIG_FILE" | |
| npm install | |
| npm run release-win | |
| rm -Rf ./release/win-unpacked | |
| rm -Rf ./release/.cache | |
| rm -Rf ./release/builder-debug.yml | |
| rm -Rf ./release/builder-effective-config.yaml | |
| TAG_VERSION=${{ needs.tag-validation.outputs.tag-version }} | |
| TAG_VERSION=${TAG_VERSION:1} | |
| rm "./release/Leapp-${TAG_VERSION}-win.zip" ||: | |
| powershell "Compress-Archive './release/Leapp Setup ${TAG_VERSION}.exe' './release/Leapp-${TAG_VERSION}-win.zip'" | |
| powershell "Compress-Archive './release/Leapp Setup ${TAG_VERSION}.exe' './release/Leapp-windows.zip'" | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-west-1 | |
| - name: Release draft to S3 | |
| shell: bash | |
| run: | | |
| cd packages/desktop-app | |
| TAG_VERSION=${{ needs.tag-validation.outputs.tag-version }} | |
| TAG_VERSION=${TAG_VERSION:1} | |
| aws s3 cp ./release/ "${{ env.S3_BUCKET }}/${TAG_VERSION}/" --recursive | |
| build-linux: | |
| runs-on: ubuntu-latest | |
| needs: [ tag-validation ] | |
| if: needs.tag-validation.outputs.validator == 1 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/checkout@v3 | |
| if: ${{ env.TEAM_REPOSITORY != '' }} | |
| with: | |
| repository: ${{ env.TEAM_REPOSITORY }} | |
| ref: main | |
| token: ${{ secrets.GH_TOKEN }} | |
| path: leapp-team | |
| - name: Inject Team Feature | |
| if: ${{ env.TEAM_REPOSITORY != '' }} | |
| run: | | |
| cd packages/core | |
| npm install | |
| npm run build | |
| cd ../.. | |
| mv leapp-team .. | |
| cd ../leapp-team/packages/leapp-team-core | |
| npm run bootstrap | |
| cd ../leapp-team-service | |
| npm install | |
| npm run test | |
| npm run enable-team-features-prod | |
| - name: Build Linux desktop app | |
| run: | | |
| cd packages/desktop-app | |
| npm install | |
| npm run release-linux | |
| rm -Rf ./release/linux-unpacked | |
| rm -Rf ./release/.cache | |
| rm -Rf ./release/builder-debug.yml | |
| rm -Rf ./release/builder-effective-config.yaml | |
| TAG_VERSION=${{ needs.tag-validation.outputs.tag-version }} | |
| TAG_VERSION=${TAG_VERSION:1} | |
| zip "./release/Leapp-deb.zip" "./release/Leapp_${TAG_VERSION}_amd64.deb" | |
| zip "./release/Leapp-appImage.zip" "./release/Leapp-${TAG_VERSION}.AppImage" | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-west-1 | |
| - name: Release draft to S3 | |
| run: | | |
| cd packages/desktop-app | |
| TAG_VERSION=${{ needs.tag-validation.outputs.tag-version }} | |
| TAG_VERSION=${TAG_VERSION:1} | |
| aws s3 cp ./release/ "${{ env.S3_BUCKET }}/${TAG_VERSION}/" --recursive | |
| build-macos-x64: | |
| runs-on: macos-latest | |
| needs: [ tag-validation ] | |
| if: needs.tag-validation.outputs.validator == 1 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/checkout@v3 | |
| if: ${{ env.TEAM_REPOSITORY != '' }} | |
| with: | |
| repository: ${{ env.TEAM_REPOSITORY }} | |
| ref: main | |
| token: ${{ secrets.GH_TOKEN }} | |
| path: leapp-team | |
| - name: Inject Team Feature | |
| if: ${{ env.TEAM_REPOSITORY != '' }} | |
| run: | | |
| cd packages/core | |
| npm install | |
| npm run build | |
| cd ../.. | |
| mv leapp-team .. | |
| cd ../leapp-team/packages/leapp-team-core | |
| npm run bootstrap | |
| cd ../leapp-team-service | |
| npm install | |
| npm run test | |
| npm run enable-team-features-prod | |
| - name: Build macOS x64 desktop app | |
| uses: nick-fields/retry@v2 | |
| env: | |
| APPLE_NOTARISATION_PASSWORD: ${{ secrets.APPLE_NOTARISATION_PASSWORD }} | |
| with: | |
| timeout_minutes: 20 | |
| max_attempts: 5 | |
| command: | | |
| cd packages/desktop-app | |
| KEY_CHAIN=build.keychain | |
| CERTIFICATE_P12=certificate.p12 | |
| CERTIFICATE_APPLICATION_P12=certificate-application.p12 | |
| echo "Recreate the certificate from the secure environment variable" | |
| echo "security create-keychain" | |
| echo "${{ env.CERTIFICATE_OSX_P12 }}" | base64 --decode > $CERTIFICATE_P12 | |
| echo "${{ env.CERTIFICATE_APPLICATION_OSX_P12 }}" | base64 --decode > $CERTIFICATE_APPLICATION_P12 | |
| security create-keychain -p ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN | |
| echo "security list-keychains" | |
| security list-keychains -s login.keychain build.keychain | |
| echo "security default-keychain" | |
| security default-keychain -s $KEY_CHAIN | |
| echo "security unlock-keychain" | |
| security unlock-keychain -p ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN | |
| echo "security import" | |
| security import $CERTIFICATE_P12 -k $KEY_CHAIN -P '${{ env.DECODE_PASSWORD }}' -T /usr/bin/codesign; | |
| security import $CERTIFICATE_APPLICATION_P12 -k $KEY_CHAIN -P '${{ env.DECODE_PASSWORD }}' -T /usr/bin/codesign; | |
| echo "security find-identity" | |
| security find-identity -v | |
| echo "security set-key-partition-list" | |
| security set-key-partition-list -S apple-tool:,apple:,codesign:, -s -k ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN | |
| rm -fr *.p12 | |
| npm install | |
| npm run set-target-x64 | |
| npm run release-mac | |
| - name: Clean build | |
| run: | | |
| cd packages/desktop-app | |
| rm -Rf ./release/mac | |
| rm -Rf ./release/mac-unpacked | |
| rm -Rf ./release/.cache | |
| rm -Rf ./release/builder-debug.yml | |
| rm -Rf ./release/builder-effective-config.yaml | |
| TAG_VERSION=${{ needs.tag-validation.outputs.tag-version }} | |
| TAG_VERSION=${TAG_VERSION:1} | |
| rm "./release/Leapp-${TAG_VERSION}-mac.zip" | |
| rm "./release/Leapp-${TAG_VERSION}-mac.zip.blockmap" | |
| zip "./release/Leapp-${TAG_VERSION}-mac.zip" "./release/Leapp-${TAG_VERSION}.dmg" | |
| zip "./release/Leapp-mac.zip" "./release/Leapp-${TAG_VERSION}.dmg" | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-west-1 | |
| - name: Release draft to S3 | |
| run: | | |
| cd packages/desktop-app | |
| TAG_VERSION=${{ needs.tag-validation.outputs.tag-version }} | |
| TAG_VERSION=${TAG_VERSION:1} | |
| aws s3 cp ./release/ "${{ env.S3_BUCKET }}/${TAG_VERSION}/" --recursive | |
| build-macos-arm: | |
| runs-on: macos-latest | |
| needs: [ tag-validation, build-macos-x64 ] | |
| if: needs.tag-validation.outputs.validator == 1 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/checkout@v3 | |
| if: ${{ env.TEAM_REPOSITORY != '' }} | |
| with: | |
| repository: ${{ env.TEAM_REPOSITORY }} | |
| ref: main | |
| token: ${{ secrets.GH_TOKEN }} | |
| path: leapp-team | |
| - name: Inject Team Feature | |
| if: ${{ env.TEAM_REPOSITORY != '' }} | |
| run: | | |
| cd packages/core | |
| npm install | |
| npm run build | |
| cd ../.. | |
| mv leapp-team .. | |
| cd ../leapp-team/packages/leapp-team-core | |
| npm run bootstrap | |
| cd ../leapp-team-service | |
| npm install | |
| npm run test | |
| npm run enable-team-features-prod | |
| - name: Build macOS arm64 desktop app | |
| uses: nick-fields/retry@v2 | |
| env: | |
| APPLE_NOTARISATION_PASSWORD: ${{ secrets.APPLE_NOTARISATION_PASSWORD }} | |
| with: | |
| timeout_minutes: 20 | |
| max_attempts: 5 | |
| command: | | |
| cd packages/desktop-app | |
| KEY_CHAIN=build.keychain | |
| CERTIFICATE_P12=certificate.p12 | |
| CERTIFICATE_APPLICATION_P12=certificate-application.p12 | |
| echo "Recreate the certificate from the secure environment variable" | |
| echo "security create-keychain" | |
| echo "${{ env.CERTIFICATE_OSX_P12 }}" | base64 --decode > $CERTIFICATE_P12 | |
| echo "${{ env.CERTIFICATE_APPLICATION_OSX_P12 }}" | base64 --decode > $CERTIFICATE_APPLICATION_P12 | |
| security create-keychain -p ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN | |
| echo "security list-keychains" | |
| security list-keychains -s login.keychain build.keychain | |
| echo "security default-keychain" | |
| security default-keychain -s $KEY_CHAIN | |
| echo "security unlock-keychain" | |
| security unlock-keychain -p ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN | |
| echo "security import" | |
| security import $CERTIFICATE_P12 -k $KEY_CHAIN -P '${{ env.DECODE_PASSWORD }}' -T /usr/bin/codesign; | |
| security import $CERTIFICATE_APPLICATION_P12 -k $KEY_CHAIN -P '${{ env.DECODE_PASSWORD }}' -T /usr/bin/codesign; | |
| echo "security find-identity" | |
| security find-identity -v | |
| echo "security set-key-partition-list" | |
| security set-key-partition-list -S apple-tool:,apple:,codesign:, -s -k ${{ env.KEYCHAIN_PASSWORD }} $KEY_CHAIN | |
| rm -fr *.p12 | |
| npm install | |
| npm run set-target-arm64 | |
| npm run release-mac | |
| - name: Clean build | |
| run: | | |
| cd packages/desktop-app | |
| rm -Rf ./release/mac | |
| rm -Rf ./release/mac-unpacked | |
| rm -Rf ./release/.cache | |
| rm -Rf ./release/builder-debug.yml | |
| rm -Rf ./release/builder-effective-config.yaml | |
| rm -Rf ./release/mac-arm64 | |
| TAG_VERSION=${{ needs.tag-validation.outputs.tag-version }} | |
| TAG_VERSION=${TAG_VERSION:1} | |
| rm "./release/Leapp-${TAG_VERSION}-arm64-mac.zip" | |
| rm "./release/Leapp-${TAG_VERSION}-arm64-mac.zip.blockmap" | |
| zip "./release/Leapp-${TAG_VERSION}-mac-arm64.zip" "./release/Leapp-${TAG_VERSION}-arm64.dmg" | |
| zip "./release/Leapp-arm-mac.zip" "./release/Leapp-${TAG_VERSION}-arm64.dmg" | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-west-1 | |
| - name: Release draft to S3 | |
| run: | | |
| cd packages/desktop-app | |
| TAG_VERSION=${{ needs.tag-validation.outputs.tag-version }} | |
| TAG_VERSION=${TAG_VERSION:1} | |
| aws s3 cp ./release/ "${{ env.S3_BUCKET }}/${TAG_VERSION}/" --recursive | |
| publish-draft: | |
| runs-on: ubuntu-latest | |
| environment: prod | |
| needs: [ tag-validation, build-linux, build-win, build-macos-arm, build-macos-x64 ] | |
| if: needs.tag-validation.outputs.validator == 1 | |
| steps: | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-west-1 | |
| - name: Move draft to latest | |
| run: | | |
| TAG_VERSION=${{ needs.tag-validation.outputs.tag-version }} | |
| TAG_VERSION=${TAG_VERSION:1} | |
| aws s3 rm "${{ env.S3_BUCKET }}/latest" --recursive | |
| aws s3 cp "${{ env.S3_BUCKET }}/${TAG_VERSION}/" "${{ env.S3_BUCKET }}/latest" --recursive | |
| publish-changelog: | |
| runs-on: ubuntu-latest | |
| environment: prod | |
| needs: [ publish-draft ] | |
| if: needs.tag-validation.outputs.validator == 1 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-west-1 | |
| - name: Publish changelog | |
| run: | | |
| aws s3 cp CHANGELOG.md "${{ env.S3_BUCKET }}/" | |
| invalidate-distribution: | |
| runs-on: ubuntu-latest | |
| environment: prod | |
| needs: [ publish-changelog ] | |
| if: needs.tag-validation.outputs.validator == 1 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-west-1 | |
| - name: Invalidate distribution | |
| run: | | |
| aws cloudfront create-invalidation --distribution-id ${{ env.DISTRIBUTION_ID }} --paths "/*" | |
| publish-github-release: | |
| runs-on: ubuntu-latest | |
| needs: [ invalidate-distribution, tag-validation ] | |
| if: needs.tag-validation.outputs.validator == 1 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Create GitHub Release | |
| uses: ncipollo/release-action@v1 | |
| with: | |
| token: ${{ secrets.GH_TOKEN }} | |
| body: "Full changelog & Downloads ⇒ https://www.leapp.cloud/releases" | |
| tag: ${{ needs.tag-validation.outputs.tag-version }} | |